Privacy policy changes allow AT&T to sell user data
Posted on 09 July 2013.
AT&T, the largest provider of mobile telephony in the United States, has recently announced several changes in their Privacy Policy to allow the sale of anonymized user data to online marketers.

The updated PP outlines new programs the company plans to offer, and explains that they will use "aggregate and anonymous data" to create marketing and analytics reports so that customers can receive more relevant advertising.

"Thatís why we also created consumer controls that will allow you to choose not to have your anonymous information included in these reports, and to choose not to receive the more relevant advertising if you donít want it," they added, stressing that "these programs are based on strictly anonymous information, and they are designed for insight into groups, not individuals."

The company collects the following information from its customers:

As you can see, pretty much everything.

In order to aggregate and anonymize the data they include in reports shared with advertisers and other third parties, they are removing from it Personally Identifiable Information (PII) - data that identifies or can reasonably be used to identify their customers. By that they mean their name, real-world address, and telephone number.

But, as Ken Westin has rightly pointed out, "the data that makes up what is termed Personally Identifiable Information is no longer static."

"Data that can identify you has become a moving target, it used to be over information such as name, Social Security Number, address etc, but it has become increasingly easy to uniquely identify people with composite pieces of otherwise seemingly innocuous data," he says.

Information such as a personís ZIP code, birth date and sex can be used - and has been used - to de-anonymize data samples. Your IP address, mobile device number, the locations of the Wi-Fi networks to which you connect to is all data that doesn't get left out of this "aggregate and anonymous data," and can serve the same goal.

"In the world of privacy and big data 'reasonable' can be a weasel-word, a term used to make the consumer feel better, but in reality provides the company a license to access and share more information that you would suspect," Westin concludes.

Luckily, if you are convinced that relevant ads are not worth it, and you want to opt out of your information being included in these reports, you can do so by changing the settings of your AT&T account to say that you don't want your data shared.

Unluckily, the opting out is not the default, and there are many users out there who will never hear about this change or care about it, and will consequently leave their settings as they were and unknowingly allow AT&T to profit by it.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th